I have a problem with this.
I once did the tutorial completely (except of step 9 )
But now it doesnt seem to work anymore.
In step 8 i find the Value and i find out what writes to this adress (ESI)
and i hex search for it and add the found adress manually with offset 18 as i saw it in the info on my adress and THEN i cant find anything else except of ESI again. the same adress.
And if i try to start again, the first value adress i have found is not possible to find what accesses and not what writes the adress. both windows stay empty after i change the value.
I already tried to reinstall CE 6.5.

Ignore the instruction mov esi,[esi]. If you look at the bottom of the extra info menu, you'll see a message that says, "The registers shown here are AFTER the instruction has been executed". Since you're moving the value of the address in esi into esi, you don't have the value esi was at before the instruction was executed; therefore, the probable value of the pointer it's giving you is wrong.

Are you sure you selected "Find out what accesses this pointer" after right clicking on the pointer in your address list and selecting "Find out what accesses this address"?_________________

I don't know where I'm going, but I'll figure it out when I get there.

i dont want to know the answere. i want to find my way to it. Does anyone see a mistake i made or maybe something i have missed?

ParkourPenguin wrote:

Ignore the instruction mov esi,[esi]. If you look at the bottom of the extra info menu, you'll see a message that says, "The registers shown here are AFTER the instruction has been executed". Since you're moving the value of the address in esi into esi, you don't have the value esi was at before the instruction was executed; therefore, the probable value of the pointer it's giving you is wrong.

Are you sure you selected "Find out what accesses this pointer" after right clicking on the pointer in your address list and selecting "Find out what accesses this address"?

i dont want to know the answere. i want to find my way to it. Does anyone see a mistake i made or maybe something i have missed?

ParkourPenguin wrote:

Ignore the instruction mov esi,[esi]. If you look at the bottom of the extra info menu, you'll see a message that says, "The registers shown here are AFTER the instruction has been executed". Since you're moving the value of the address in esi into esi, you don't have the value esi was at before the instruction was executed; therefore, the probable value of the pointer it's giving you is wrong.

Are you sure you selected "Find out what accesses this pointer" after right clicking on the pointer in your address list and selecting "Find out what accesses this address"?

Yes iam sure. I just tried it again :/

According to the picture,please use information on: cmp dword ptr [esi],00 instruction or just scan for 01743328 ._________________

The value you first searched for was 0172EA98, not 01743318. It's even displayed in the picture.

Again, third time this has been said, but don't use mov esi,[esi]. Use the other one, cmp dword ptr [esi],00. The mov modifies the same register it's accessing, and since the information in the "More info" window is calculated after the instruction is executed, it's not of any use to you._________________

I don't know where I'm going, but I'll figure it out when I get there.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum